diff --git a/CHANGES.md b/CHANGES.md
index 75871979c24a438cdf3e1f3edacce23541a317ad..52b2fd6f8f4c02dd30d55944844957d40d59d009 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,16 @@
+Synapse 1.23.0 (2020-11-18)
+===========================
+
+This release changes the way structured logging is configured. See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details.
+
+**Note**: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so.
+
+Bugfixes
+--------
+
+- Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. ([\#8767](https://github.com/matrix-org/synapse/issues/8767))
+
+
 Synapse 1.23.0rc1 (2020-11-13)
 ==============================
 
@@ -52,7 +65,7 @@ Internal Changes
 ----------------
 
 - Optimise `/createRoom` with multiple invited users. ([\#8559](https://github.com/matrix-org/synapse/issues/8559))
-- Implement and use an @lru_cache decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595))
+- Implement and use an `@lru_cache` decorator. ([\#8595](https://github.com/matrix-org/synapse/issues/8595))
 - Don't instansiate Requester directly. ([\#8614](https://github.com/matrix-org/synapse/issues/8614))
 - Type hints for `RegistrationStore`. ([\#8615](https://github.com/matrix-org/synapse/issues/8615))
 - Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](https://github.com/matrix-org/synapse/issues/8616))
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 960c2aeb2bdcf1f0b2e016fbf5208d1a9660a972..7c19cf2a700edece56eca11c97d584df52943ceb 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -87,7 +87,7 @@ then it should be modified based on the `structured logging documentation
 <https://github.com/matrix-org/synapse/blob/master/docs/structured_logging.md>`_.
 
 The ``structured`` and ``drains`` logging options are now deprecated and should
-be replaced by standard logging configuration of ``handlers`` and ``formatters`.
+be replaced by standard logging configuration of ``handlers`` and ``formatters``.
 
 A future will release of Synapse will make using ``structured: true`` an error.
 
diff --git a/debian/changelog b/debian/changelog
index ae8948650fca39da7a43dafcd76ff78c10c1edd2..4ea4feddd5c13180b6c1134ae7c5cd7b35297ccd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.23.0) stable; urgency=medium
+
+  * New synapse release 1.23.0.
+
+ -- Synapse Packaging team <packages@matrix.org>  Wed, 18 Nov 2020 11:41:28 +0000
+
 matrix-synapse-py3 (1.22.1) stable; urgency=medium
 
   * New synapse release 1.22.1.
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9791d3ddf0ce8259878931e9acaa972573fd58e4..791cd6936b91d9d3a508efafa0c970c112c21c46 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -36,7 +36,8 @@ RUN pip install --prefix="/install" --no-warn-script-location \
         frozendict \
         jaeger-client \
         opentracing \
-        prometheus-client \
+        # Match the version constraints of Synapse
+        "prometheus_client>=0.4.0,<0.9.0" \
         psycopg2 \
         pycparser \
         pyrsistent \
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 537f2239e5729abbf0c8d4ab578cb3ddafeab7b6..65c1f5aa3f6ccf48c958745653978d02907dd538 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -48,7 +48,7 @@ try:
 except ImportError:
     pass
 
-__version__ = "1.23.0rc1"
+__version__ = "1.23.0"
 
 if bool(os.environ.get("SYNAPSE_TEST_PATCH_LOG_CONTEXTS", False)):
     # We import here so that we don't have to install a bunch of deps when
diff --git a/synapse/python_dependencies.py b/synapse/python_dependencies.py
index 0ddead8a0f49db9d89ea2f00bf27fe7f91f3f4d4..aab77fc45303e9e595cf43bdd57d8eed79f8a072 100644
--- a/synapse/python_dependencies.py
+++ b/synapse/python_dependencies.py
@@ -72,6 +72,10 @@ REQUIREMENTS = [
     # prom-client has a history of breaking backwards compatibility between
     # minor versions (https://github.com/prometheus/client_python/issues/317),
     # so we also pin the minor version.
+    #
+    # Note that we replicate these constraints in the Synapse Dockerfile while
+    # pre-installing dependencies. If these constraints are updated here, the
+    # same change should be made in the Dockerfile.
     "prometheus_client>=0.4.0,<0.9.0",
     # we use attr.validators.deep_iterable, which arrived in 19.1.0 (Note:
     # Fedora 31 only has 19.1, so if we want to upgrade we should wait until 33